Reland "[runtime] Pass global proxy as receiver to native accessors in case of contextual access"

Based on past discussions I'm going to try to reland this change. This makes window.document and document behave the same after navigation, which is a change from what the spec says. If this works out though, it would greatly simplify the spec; and fix the fact that currently it's leaking the underlying global object, which we don't want for security and object-identity reasons. Bug: chromium:713732 Change-Id: I835ef510fc78f04c602434a7cec6420e027c4012 Reviewed-on: https://chromium-review.googlesource.com/520764 Commit-Queue: Toon Verwaest <verwaest@chromium.org> Reviewed-by: Kentaro Hara <haraken@chromium.org> Cr-Commit-Position: refs/heads/master@{#45654}

Reland "[runtime] Pass global proxy as receiver to native accessors in case of contextual access"
Based on past discussions I'm going to try to reland this change. This makes window.document and document behave the same after navigation, which is a change from what the spec says. If this works out though, it would greatly simplify the spec; and fix the fact that currently it's leaking the underlying global object, which we don't want for security and object-identity reasons. Bug: chromium:713732 Change-Id: I835ef510fc78f04c602434a7cec6420e027c4012 Reviewed-on: https://chromium-review.googlesource.com/520764 Commit-Queue: Toon Verwaest <verwaest@chromium.org> Reviewed-by: Kentaro Hara <haraken@chromium.org> Cr-Commit-Position: refs/heads/master@{#45654}
ba8a7539 · Toon Verwaest · Commit Bot · c72d64cb · ba8a7539 · ba8a7539
Commit ba8a7539 authored Jun 01, 2017 by Toon Verwaest Committed by Commit Bot Jun 01, 2017
Hide whitespace changes
Inline Side-by-side

Showing with 28 additions and 0 deletions

objects.cc src/objects.cc +10 -0

test-api.cc test/cctest/test-api.cc +18 -0

No files found.
--- a/src/objects.cc
+++ b/src/objects.cc
@@ -1371,6 +1371,11 @@ MaybeHandle<Object> Object::GetPropertyWithAccessor(LookupIterator* it) {
  Isolate* isolate = it->isolate();
  Handle<Object> structure = it->GetAccessors();
  Handle<Object> receiver = it->GetReceiver();
+  // In case of global IC, the receiver is the global object. Replace by the
+  // global proxy.
+  if (receiver->IsJSGlobalObject()) {
+    receiver = handle(JSGlobalObject::cast(*receiver)->global_proxy(), isolate);
+  }

  // We should never get here to initialize a const with the hole value since a
  // const declaration would conflict with the getter.
@@ -1463,6 +1468,11 @@ Maybe<bool> Object::SetPropertyWithAccessor(LookupIterator* it,
  Isolate* isolate = it->isolate();
  Handle<Object> structure = it->GetAccessors();
  Handle<Object> receiver = it->GetReceiver();
+  // In case of global IC, the receiver is the global object. Replace by the
+  // global proxy.
+  if (receiver->IsJSGlobalObject()) {
+    receiver = handle(JSGlobalObject::cast(*receiver)->global_proxy(), isolate);
+  }

  // We should never get here to initialize a const with the hole value since a
  // const declaration would conflict with the setter.

--- a/test/cctest/test-api.cc
+++ b/test/cctest/test-api.cc
@@ -26588,6 +26588,24 @@ TEST(SetPrototypeTemplate) {
  ExpectTrue("Image.prototype === HTMLImageElement.prototype");
 }

+void ensure_receiver_is_global_proxy(
+    v8::Local<v8::Name>, const v8::PropertyCallbackInfo<v8::Value>& info) {
+  CHECK(v8::Utils::OpenHandle(*info.This())->IsJSGlobalProxy());
+}
+
+THREADED_TEST(GlobalAccessorInfo) {
+  v8::Isolate* isolate = CcTest::isolate();
+  v8::HandleScope scope(isolate);
+  Local<v8::ObjectTemplate> global_template = v8::ObjectTemplate::New(isolate);
+  global_template->SetAccessor(
+      v8::String::NewFromUtf8(isolate, "prop", v8::NewStringType::kInternalized)
+          .ToLocalChecked(),
+      &ensure_receiver_is_global_proxy);
+  LocalContext env(NULL, global_template);
+  CompileRun("for (var i = 0; i < 10; i++) this.prop");
+  CompileRun("for (var i = 0; i < 10; i++) prop");
+}
+
 UNINITIALIZED_TEST(IncreaseHeapLimitForDebugging) {
  using namespace i;
  v8::Isolate::CreateParams create_params;